Privacy Policy

This Privacy Policy applies to the mobile application Supering AI Life Assistant provided by SUPERING TECHNOLOGY LLC.

Effective Date: 2025-10-09

This Privacy Policy applies to the mobile application Supering AI Life Assistant (iOS bundle ID: io.supering.lifeos; Android package name: io.supering.lifeos) provided by SUPERING TECHNOLOGY LLC. This Policy also describes how SUPERING TECHNOLOGY LLC (“Supering,” “we,” “us,” or “our”) collects, uses, and shares information when you use the Application. The Application is provided as a freemium service and is offered “AS IS.” By using the Application, you agree to this Policy.

Controller and Contact

  • Controller: SUPERING TECHNOLOGY LLC
  • Address: 5830 E 2nd St, Ste 7000, Casper, Wyoming 82609, US
  • Email: hello@supering.io

Information We Collect

  • Account Information: Email address, full name, profile photo (avatar), and an app‑scoped user ID. Optional preferences you choose to provide (e.g., budget level, dietary preferences, favorite cuisines, commute method, health goals).
  • User‑Generated Content: Notes, tasks, reminders, goals, diary entries, files/photos you attach, and AI prompts/responses you create. Your content may include personal or sensitive information at your discretion.
  • Location (Foreground Only): With permission, precise (GPS) and approximate location while the app is in use to power context‑aware features (e.g., weather, relevant suggestions). No background location. Location may be sent to OpenWeatherMap only to fetch weather conditions.
  • Health & Fitness (Optional): With explicit consent, steps, sleep, calories, distance, weight, and related metrics from Apple Health (iOS) and Google Fit (Android) to provide wellness features. You can revoke access at any time.
  • Voice Input (Optional): With permission, microphone audio to convert speech to text for commands and note‑taking. Audio is processed by our transcription/AI provider (e.g., Google speech services and/or Google AI/Gemini) solely to return text results and is not retained by us after transcription. Resulting text may be stored with your account.
  • Camera (Optional): With permission, the camera to capture photos you attach to content. We do not import your device’s photo library unless you choose to share from it.
  • Calendar (Optional): If you connect Google Calendar, we store OAuth tokens and limited event metadata to create/update events on your behalf.
  • Notifications & Device Data: Push notification token and limited device details (brand/model/OS version) to deliver notifications reliably.
  • Diagnostics & Usage: IP address, device/OS type, app version, and feature usage necessary to secure, operate, and improve the Application.
  • Biometric Authentication (Optional): When enabled, device biometric APIs (Face ID/Touch ID/Android Biometric) protect access to sensitive screens. Biometric templates never leave your device; we do not receive or store biometric data.

How We Use Information

  • Provide Core Features: Account login, syncing, storage, reminders, notifications, calendar integration, health tracking, location‑aware features, and biometric lock (if enabled).
  • AI Assistance: Send prompts and context you provide to our AI provider (e.g., Google AI/Gemini) to generate responses/suggestions. We may store responses with your account for history and search.
  • Voice Transcription: Process audio solely to return text results; we do not retain the audio after transcription.
  • Communications: Transactional/service emails (e.g., verification, receipts, important updates) via Resend.
  • Safety, Security, and Performance: Prevent abuse, troubleshoot, and improve reliability and user experience.
  • Legal: Comply with law, enforce terms, and protect rights, safety, and property.

What We Don’t Do

  • We do not sell your personal information.
  • We do not import your device’s contacts. Any contacts you store are those you manually enter.
  • We do not collect advertising IDs for ad targeting.

Third‑Party Service Providers

  • Supabase (authentication, database, edge functions)
  • Google (OAuth & Calendar APIs; Google Fit; Google AI/Gemini; speech)
  • Apple (Sign in with Apple; Apple Health on device)
  • Expo (push notifications)
  • RevenueCat (subscriptions/entitlements)
  • OpenWeatherMap (weather data)
  • Resend (transactional email)

Location Details

Precise and approximate location are collected only with your permission and only while using the app to power weather and context features. Location may be sent to OpenWeatherMap to retrieve conditions. No background location tracking.

Health Data Details

Health/fitness data is accessed only after you grant permission. Metrics may be stored in our backend to provide insights and goals. You can revoke access at any time in Apple Health/Google Fit settings and within the app.

We only use Health/fitness data to provide wellness features you enable. We do not use Health/fitness data for marketing or advertising, do not sell or broker it, and do not share it with third parties except our processors to provide the Application at your direction.

AI & Transcription Providers

We configure our AI and transcription providers (e.g., Google speech services and/or Google AI/Gemini) to avoid using your prompts/audio to train their models where such controls are available. If a provider retains limited logs for service reliability or abuse prevention, we minimize the data we send and apply protective measures. We never use AI/transcription content for targeted advertising, and we do not make automated decisions that produce legal or similarly significant effects.

Legal Bases for Processing (EEA/UK/Similar)

  • Performance of a contract: Provide core features you request.
  • Legitimate interests: Security, troubleshooting, and service improvement.
  • Consent: Health/fitness, location, microphone/camera, calendar, notifications, and certain AI features.
  • Legal obligations: Compliance with applicable laws.

Data Retention

  • Account & Content: Retained while your account is active and deleted upon request (subject to legal obligations and routine backup cycles).
  • Health Metrics: Retained while health sync is enabled or until you request deletion.
  • Voice Audio: Not retained after transcription; transcripts may be stored with your content.
  • Diagnostics/Usage: Retained up to 24 months; may be aggregated/anonymized thereafter.
  • Backups: Deleted data may persist in encrypted backups for a limited period under our backup retention schedule before being purged.
  • OAuth Tokens: Tokens are deleted and/or invalidated promptly when you disconnect an integration (e.g., Google Calendar).

Sharing and Disclosure

  • We share data with the providers listed above only as needed to operate the Application.
  • We may disclose information to comply with legal process, enforce terms, protect safety, prevent fraud, or in connection with a corporate transaction (e.g., merger, acquisition), subject to continued protections.

Your Choices and Rights

  • Permissions: Disable location, microphone, camera, calendar, health, and biometric access in device settings at any time.
  • Access/Export/Deletion: Email hello@supering.io to request access, export, or deletion of your data. We will respond within a reasonable timeframe.
  • Regional Rights: Depending on your location (e.g., GDPR/CPRA), you may have rights to access, correct, delete, restrict, or object to processing, and to data portability. You may appeal our decision by replying to our response or emailing us with “Appeal” in the subject. We do not “sell” or “share” personal information for cross‑context behavioral advertising and we do not use sensitive personal information for additional purposes.

Security

Encryption in transit (HTTPS), provider encryption at rest (e.g., Supabase), least‑privilege access, audit logging, and access controls (including database Row Level Security). We will notify you and/or regulators of data breaches as required by law. No system is 100% secure.

International Transfers

We may process and store data in the United States and other countries where our providers operate, using appropriate safeguards where required (e.g., EU Standard Contractual Clauses and the UK IDTA/UK Addendum).

Data Safety Summary

  • Location (precise/approximate): App functionality (weather/context); not used for advertising.
  • Health & fitness: App functionality (wellness features); not used for advertising or data brokerage.
  • Identifiers (account ID, push token): Account management and notifications.
  • Diagnostics/usage: App performance, reliability, and security.
  • Contacts: Not imported; only information you manually enter.

Children’s Privacy

The Application is not directed to children under 13. We do not knowingly collect personal information from children under 13. If we learn such data was provided, we will delete it. In some regions (e.g., EEA/UK), higher age thresholds may apply.

Changes to This Policy

We may update this Policy from time to time. We will post updates in‑app or on our website. Continued use constitutes acceptance of the updated Policy.

Contact

  • SUPERING TECHNOLOGY LLC
  • 5830 E 2nd St, Ste 7000, Casper, Wyoming 82609, US
  • Email: hello@supering.io